Security Notes included with documentation

Topics: General discussion
Feb 13, 2008 at 10:09 PM
I work in Information Security and wanted give a big shout out to whomever is responsible for including the security notes in the developer documentation for the Library.

Seems like I have started to notice this in other areas as well.

Notes like:

"The Logging Application Block formatters do not encrypt logging information. Trace listener destinations receive logging information as clear text. This means that attackers that can access a trace listener destination can read the information. You can prevent unauthorized access to sensitive information. One approach is to use Access Control Lists (ACL) to restrict access to flat files. You can also create a custom formatter that encrypts log information. For information on how to create a custom formatter, see Extending the Logging Application Block. "

Make my job easier and help to educate the developers directly at the source and before they deploy software.